How to determine which devices have the user as a local admin?
Would like to first determine which devices have the employee as a local admin and then remove those rights. I see script for the Removal of Admin Rights but I need to know how to determine which ones have that scenario. Is there a process already establish for this?
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
Ericenri
7 years ago
Hello, You would need to create a Custom Inventory Rule to accomplish this, executing maybe a wmic command or a VBS script. You could use this with ShellCommandReturnText (cmd /c NET LOCALGROUP Administrators) on a Custom Inventory Rules or distribute a BAT with the follow:
FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ˆ| FIND /N "----"') DO SET HeaderLines=%%A
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"
Then execute the ShellComandReturnText
Posted by:
SMal.tmcc
7 years ago
see this to create the CIR's
http://www.itninja.com/blog/view/create-a-cir-to-get-a-clean-list-of-your-local-admins-and-then-filter-out-the-it-approved-admins-also-presented-at-dell-world-user-forum-2014-lessions-from-the-field
then all you need is a kscript to run a
if you want to remove admin rights from the current logged in user you can us this script (run as system)
if you want to add admin rights from the current logged in user you can us this script (run as system)
http://www.itninja.com/blog/view/create-a-cir-to-get-a-clean-list-of-your-local-admins-and-then-filter-out-the-it-approved-admins-also-presented-at-dell-world-user-forum-2014-lessions-from-the-field
then all you need is a kscript to run a
net user [<UserName> [/delete]]
if you want to remove admin rights from the current logged in user you can us this script (run as system)
if you want to add admin rights from the current logged in user you can us this script (run as system)
